In the past year, we’ve noticed many changes in how toolkits and exploit kits are being used. For starters, the bad guys are spending more time securing their creations, as well as the servers where their malware will be installed. They do this to prevent leaks, as well as to make things harder for security researchers. Here are…

Apart from keeping servers and endpoints secure, IT teams in enterprises also make sure that day-to-day business operations run smoothly. With this in mind, IT groups often delay installing security updates after software vendors release them, for several reasons. For one, applying patches often requires restarts for mission-critical servers and at times these may…

Some malware is more persistent than others – like WORM_VOBFUS. This recent heap of WORM_VOBFUS variants seen spreading on Facebook does not exhibit new routines, but it is a good reminder for users about well-known but easily forgotten safe computing practices. Based on our initial analysis, these WORM_VOBFUS variants that do not show any advanced…

Last week, we discussed the risks that out-of-office notifications pose for organizations – namely, that they could serve as leaks that an attacker could use to conduct successful attacks. However, the threats from automatic e-mail replies don’t stop with out-of-office notifications. Two other types of automatic replies also pose a threat: bounce messages, and read…

In the discussion of targeted attacks, it is usually taken for granted that they arrived via some sort of spear-phishing attack. The discussion then goes into an analysis of the malware involved and/or the servers used or compromised in the attack. However, to avoid attacks in the first place, it is of value to look…